Create records to allow the service to authenticate to a DB2 instance. During scanning the service will authenticate to one or more DB2 instances on a single host using the DB2 records in your account. When there are multiple DB2 instances, you create a separate authentication record for each instance.
For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article:
Authentication Technologies Matrix
A few things to consider...

What defines a DB2 instance?
For a vulnerability scan, an instance is defined uniquely by an IP address and port. For a compliance scan, an instance is defined uniquely by an IP address, port and database name.

Show me an example of multiple DB2 records
Let's say you want to define these DB2 records in your account. In the table below, PC Only=Yes indicates that the check box “Use this record for Policy Compliance scans only” is selected in the record.
Record 1 and Record 2 will be used for both vulnerability scans and compliance scans. Record 3 will be used for compliance scans only. You’ll notice that Record 2 and Record 3 have the same IP address and port but different database names - this is allowed because Record 3 is used for compliance scans only.

By default, DB2 records will be used for both vulnerability and compliance scans. You can select the check box "Use this record for Policy Compliance scans only" if you want this record to only be used for compliance scans.
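
The instance definitions above can be turned into a check that is run over a planned set of records before they are created. This is an added example, not part of the service or its documentation: the Db2Record fields, the find_conflicts helper and the sample addresses, port and database names are constructed, and the conflict rule is a reading of the definitions on this page.

```python
from collections import defaultdict
from typing import NamedTuple


class Db2Record(NamedTuple):       # hypothetical shape, not the service's API
    title: str
    ip: str
    port: int
    database: str
    pc_only: bool                  # "Use this record for Policy Compliance scans only"


def find_conflicts(records):
    """Return (scan_type, title_a, title_b) for records that define the same instance."""
    vm_seen = defaultdict(list)    # vulnerability scan: instance = (ip, port)
    pc_seen = defaultdict(list)    # compliance scan: instance = (ip, port, database)
    for r in records:
        if not r.pc_only:          # PC-only records take no part in vulnerability scans
            vm_seen[(r.ip, r.port)].append(r.title)
        pc_seen[(r.ip, r.port, r.database)].append(r.title)
    conflicts = []
    for scan_type, seen in (("VM", vm_seen), ("PC", pc_seen)):
        for titles in seen.values():
            for i, first in enumerate(titles):
                conflicts.extend((scan_type, first, other) for other in titles[i + 1:])
    return conflicts


# Constructed sample shaped like the three records described above.
SAMPLE = [
    Db2Record("Record 1", "192.0.2.10", 50000, "SALES", False),
    Db2Record("Record 2", "192.0.2.20", 50000, "SALES", False),
    Db2Record("Record 3", "192.0.2.20", 50000, "AUDIT", True),
]

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
    # A fourth record on the same IP and port that is not PC-only collides for VM scans.
    extra = Db2Record("Record 4", "192.0.2.20", 50000, "HR", False)
    print(find_conflicts(SAMPLE + [extra]))
```
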

Help me with record settings

How do I get started?
- Go to Scans > Authentication.
- Check that you already have a record defined for each host running database instances.
- Create an IBM DB2 record for the database instance. Go to New > Databases > IBM DB2.

What login credentials are required?
You'll need to supply a user name and password, the database name you want to authenticate to and the port the database is on. It is strongly recommended that you create one or more dedicated user accounts to be used solely by the scanning engine to authenticate to DB2 instances.

Which IPs should I add to my record?
Select the target hosts (IPs) to authenticate to.

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

Windows Parameters (PC only)
Provide details about your IBM DB2 installation to allow the scanning engine to gather DB2 compliance data at the Windows operating system level.

Windows Parameters
Enter parameters for your IBM DB2 installation. All fields are required and have a limit of 255 characters. These special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ /

Parameters:
- DB2 Installation Directory. Specify the path to the DB2 runtime library if you want the service to perform OS-dependent compliance checks. This is the location where DB2 has been installed on the server.
- Primary Archive Location. Specify the path to the primary archive location if you want the service to perform OS-dependent compliance checks. This is the directory where the primary log files are located.
- Secondary Archive Location. Specify the path to the secondary archive location if you want the service to perform OS-dependent compliance checks. This parameter specifies the number of secondary log files that are created and used for recovery log files (only as needed). It is set by the DB2 logsecond parameter.
- Tertiary Archive Location. Specify the path to the tertiary archive location if you want the service to perform OS-dependent compliance checks. This parameter specifies a path to which DB2 will try to archive log files if the log files cannot be archived to either the primary or the secondary (if set) archive destinations because of a media problem affecting those destinations. It is set by the DB2 failarchpath parameter.
- Mirror Archive Location. Specify the path to the mirror archive location if you want the service to perform OS-dependent compliance checks. If mirrorlogpath is configured, DB2 will create active log files in both the log path and the mirror log path. All log data will be written to both paths. The mirror log path has a duplicate set of active log files. If the active log files are destroyed by a disk error or human error, the database can still function.

Windows Authentication Required
Windows authentication to target hosts is required to gather compliance data from a DB2 installation running on Windows. For this reason the same hosts defined in this DB2 record must also be defined in Windows record(s) in your account.

Unix Parameters (PC only)
Provide details about your IBM DB2 installation to allow the scanning engine to gather DB2 compliance data at the Unix operating system level.

Unix Parameters
Enter parameters for your IBM DB2 installation. All fields are required and have a limit of 255 characters. These special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ \

Parameters:
- DB2 Installation Directory. Specify the path to the DB2 runtime library if you want the service to perform OS-dependent compliance checks. This is the location where DB2 has been installed on the server.
- Primary Archive Location. Specify the path to the primary archive location if you want the service to perform OS-dependent compliance checks. This is the directory where the primary log files are located.
- Secondary Archive Location. Specify the path to the secondary archive location if you want the service to perform OS-dependent compliance checks. This parameter specifies the number of secondary log files that are created and used for recovery log files (only as needed). It is set by the DB2 logsecond parameter.
- Tertiary Archive Location. Specify the path to the tertiary archive location if you want the service to perform OS-dependent compliance checks. This parameter specifies a path to which DB2 will try to archive log files if the log files cannot be archived to either the primary or the secondary (if set) archive destinations because of a media problem affecting those destinations. It is set by the DB2 failarchpath parameter.
- Mirror Archive Location. Specify the path to the mirror archive location if you want the service to perform OS-dependent compliance checks. If mirrorlogpath is configured, DB2 will create active log files in both the log path and the mirror log path. All log data will be written to both paths. The mirror log path has a duplicate set of active log files. If the active log files are destroyed by a disk error or human error, the database can still function.

Unix Authentication Required
Unix authentication to target hosts is required to gather compliance data from a DB2 installation running on Unix. For this reason the same hosts defined in this DB2 record must also be defined in Unix record(s) in your account.
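
The field rules from the Windows and Unix parameter sections (every field required, 255-character limit, the listed special characters barred, with / barred on Windows and \ on Unix) can be applied to a parameter set before it is typed into a record. This is an added example, not the service's own validation: the field keys, the validate_params helper and the sample paths are constructed, and treating the plain " and ' as equivalents of the typographic quotes in the list is an assumption.

```python
# Characters listed on this page as not allowed in either parameter set.
COMMON_FORBIDDEN = set(";&|#%?!*`()[]><=^\u201d\u2019")
COMMON_FORBIDDEN |= {'"', "'"}     # assumption: plain quotes are meant as well
OS_FORBIDDEN = {"windows": {"/"}, "unix": {"\\"}}
MAX_LEN = 255
FIELDS = (                         # hypothetical keys for the five parameters
    "installation_dir", "primary_archive", "secondary_archive",
    "tertiary_archive", "mirror_archive",
)


def validate_params(os_type, params):
    """Return {field: [problems]}; an empty dict means every field passes."""
    forbidden = COMMON_FORBIDDEN | OS_FORBIDDEN[os_type]
    problems = {}
    for field in FIELDS:
        value = params.get(field, "")
        issues = []
        if not value:
            issues.append("required")
        if len(value) > MAX_LEN:
            issues.append("longer than 255 characters")
        # Space is treated as allowed (assumption: the page's list is space-separated).
        bad = sorted({ch for ch in value if ch in forbidden})
        if bad:
            issues.append("disallowed: " + " ".join(bad))
        if issues:
            problems[field] = issues
    return problems


# Constructed Windows parameter set with three deliberate mistakes.
WINDOWS_SAMPLE = {
    "installation_dir": r"C:\Program Files (x86)\IBM\SQLLIB",  # parentheses
    "primary_archive": r"D:\db2\archive1",
    "secondary_archive": "D:/db2/archive2",                    # forward slashes
    "tertiary_archive": "",                                    # left empty
    "mirror_archive": r"D:\db2\mirror",
}

if __name__ == "__main__":
    for field, issues in validate_params("windows", WINDOWS_SAMPLE).items():
        print(field, "->", "; ".join(issues))
```
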

Important Notes for Unit Managers
When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.